  #57  
10-08-2019, 06:08 AM
EtH

Quote:
Originally Posted by Shodan
USERNAME: X
PASSWORD: SELECT * FROM Users WHERE 1=1;
You think I'd never tried to SQL Inject LB on day 1?

Also this wouldn't work because you don't concatenate the username and password. You use quotation marks to break out of the username string and leave the password blank.

I think it'd go:-

Username: EtH" OR User_Id = 1

This would say something like SELECT * FROM Users WHERE Username = "EtH" OR User_Id = 1"

Off the top can't remember how you handle the password though.
__________________
@mcg#3451
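Added example, not part of the original post and not the forum's own code: the username string from the post run through a query built by string concatenation and through a parameterized query, to show why the second form is the fix. The table layout, the sample rows, the function names and the use of SQLite as a stand-in database are all assumptions.

```python
import sqlite3

# The exact username input quoted in the post above.
POST_INPUT = 'EtH" OR User_Id = 1'

def make_db():
    """In-memory stand-in for the Users table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (User_Id INTEGER PRIMARY KEY, Username TEXT)")
    db.executemany("INSERT INTO Users VALUES (?, ?)", [(1, "admin"), (2, "EtH")])
    return db

def build_query_concat(username):
    """Vulnerable pattern: the input is pasted between quotation marks."""
    return 'SELECT * FROM Users WHERE Username = "' + username + '"'

def lookup_concat(db, username):
    """Run the concatenated query; report rows found or the SQL error raised."""
    try:
        return ("rows", len(db.execute(build_query_concat(username)).fetchall()))
    except sqlite3.Error as exc:
        # The input was parsed as SQL, not data: the leftover quotation mark
        # breaks the statement. Errors like this in login logs are worth alerting on.
        return ("sql-error", str(exc))

def lookup_param(db, username):
    """Hardened pattern: the driver binds the input as a value, never as SQL."""
    cur = db.execute("SELECT User_Id FROM Users WHERE Username = ?", (username,))
    return [row[0] for row in cur.fetchall()]

if __name__ == "__main__":
    db = make_db()
    print(build_query_concat(POST_INPUT))   # same text as the query in the post
    print(lookup_concat(db, POST_INPUT))    # database rejects the altered statement
    print(lookup_param(db, POST_INPUT))     # no user has that literal name
    print(lookup_param(db, "EtH"))          # normal lookup still works
```

With the placeholder, the quotation mark in the input is just a character in the username being searched for, so the shape of the query cannot change.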